Re: Bug or Security Feature in Server reply?

Jon P. Knight (
Thu, 11 Aug 1994 13:06:42 +0200

On Thu, 11 Aug 1994, Frank Majewski wrote:
> Passing this kind of HTML-code causes two tested clients (XMosaic 2.4 & MacWeb)
> to look at server's URL (ie. its CGI-BIN-dir) for the file(s)!
> You might say: "That's to be excepted, because the action-URL in the FORM becomes
> the actual matching MAIN-URL!" but in my opinion this is a failure because *after*
> starting the form you are not at server side any more but at client side (the
> transmission has successfully ended), aren't you?

Why not use a <BASE> tag in the <HEAD> of the returned HTML? Then your
relative URL would become relative to the HREF attribute of the BASE
element and not the HREF of the CGI script. You'd want a line in the
headers some thing like:

<BASE HREF="file://localhost/.">

Or am I missing something here?


Jon Knight, Research Student in High Performance Networking and Distributed
Systems in the Department of _Computer_Studies_ at Loughborough University.
* It's not how big your share is, its how much you share that's important *